A fundamental aspect of all fair and lawful processing of personal data under the current data protection rules is the requirement for the party who is the data controller to meet one or more conditions (“the conditions for processing”).
The requirement to meet a condition for processing continues under the new rules of the GDPR (the General Data Protection Regulation) and one of the grounds for lawful processing most debated is that of consent, what you need to do to obtain it and how businesses going forward can demonstrate that they had consent to process.
Under the GDPR, consent must be “freely given, specific, informed and an unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
Inactivity and the pre-ticked box will not be sufficient anymore.
From tomorrow (Friday 3rd March), you will be able to provide your views and thoughts on the much awaited ICO draft GDPR consent guidance.
With a requirement to be able to verify consent, and substantive fines where business gets it wrong, for any business that relies on consent (and most of us do), this area of compliance is business critical and cannot be overlooked.
Visit MacRoberts Website for further details.
Morton Fraser MacRoberts LLP
MacRoberts LLP, one of the largest independently owned law firms in Scotland, was founded over 150 years ago by the MacRobert family. We are a leading Scottish commercial law firm with full-service offices in Dundee, Edinburgh and Glasgow with a client base that reaches across Scotland and beyond.
